RHSA-2017:3240-1: Important: Red Hat JBoss Enterprise Application Platform 6.4.18 security update

Red Hat Enterprise Linux: An update is now available for Red Hat JBoss Enterprise Application Platform 6.4
for RHEL 6 and Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2016-2183, CVE-2017-9788, CVE-2017-9798


RHSA-2017:3247-1: Critical: firefox security update

Red Hat Enterprise Linux: An update for firefox is now available for Red Hat Enterprise Linux 6 and Red
Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2017-7826, CVE-2017-7828, CVE-2017-7830


USN-3481-1: WebKitGTK+ vulnerabilities

Ubuntu Security Notice USN-3481-1

16th November, 2017

webkit2gtk vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 17.10
  • Ubuntu 17.04
  • Ubuntu 16.04 LTS

Summary

Several security issues were fixed in WebKitGTK+.

Software description

  • webkit2gtk
    – Web content engine library for GTK+

Details

A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 17.10:
  libwebkit2gtk-4.0-37          2.18.3-0ubuntu0.17.10.1
  libjavascriptcoregtk-4.0-18   2.18.3-0ubuntu0.17.10.1
Ubuntu 17.04:
  libwebkit2gtk-4.0-37          2.18.3-0ubuntu0.17.04.1
  libjavascriptcoregtk-4.0-18   2.18.3-0ubuntu0.17.04.1
Ubuntu 16.04 LTS:
  libwebkit2gtk-4.0-37          2.18.3-0ubuntu0.16.04.1
  libjavascriptcoregtk-4.0-18   2.18.3-0ubuntu0.16.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.

References

CVE-2017-13783, CVE-2017-13784, CVE-2017-13785, CVE-2017-13788,
CVE-2017-13791, CVE-2017-13792, CVE-2017-13793, CVE-2017-13794,
CVE-2017-13795, CVE-2017-13796, CVE-2017-13798, CVE-2017-13802,
CVE-2017-13803


USN-3482-1: ipsec-tools vulnerability

Ubuntu Security Notice USN-3482-1

16th November, 2017

ipsec-tools vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 12.04 LTS

Summary

ipsec-tools could be made to crash if it received specially crafted network traffic.

Software description

  • ipsec-tools
    – IPsec tools for Linux

Details

It was discovered that racoon, the ipsec-tools IKE daemon, incorrectly
handled certain ISAKMP fragments. A remote attacker could use this issue to
cause racoon to crash, resulting in a denial of service.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:
  racoon        1:0.8.0-9ubuntu1.2
  ipsec-tools   1:0.8.0-9ubuntu1.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-10396


USN-3477-1: Firefox vulnerabilities

Ubuntu Security Notice USN-3477-1

16th November, 2017

firefox vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 17.10
  • Ubuntu 17.04
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

Firefox could be made to crash or run programs as your login if it
opened a malicious website.

Software description

  • firefox
    – Mozilla Open Source web browser

Details

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, read uninitialized
memory, obtain sensitive information, bypass same-origin restrictions,
bypass CSP protections, bypass mixed content blocking, spoof the
address bar, or execute arbitrary code. (CVE-2017-7826, CVE-2017-7827,
CVE-2017-7828, CVE-2017-7830, CVE-2017-7831, CVE-2017-7832, CVE-2017-7833,
CVE-2017-7834, CVE-2017-7835, CVE-2017-7837, CVE-2017-7838, CVE-2017-7842)

It was discovered that javascript: URLs pasted into the address bar
would be executed instead of being blocked in some circumstances. If a
user were tricked into copying a specially crafted URL into the
address bar, an attacker could potentially exploit this to conduct
cross-site scripting (XSS) attacks. (CVE-2017-7839)

It was discovered that exported bookmarks do not strip script elements
from user-supplied tags. If a user were tricked into adding specially
crafted tags to bookmarks, exporting them and then opening the resulting
HTML file, an attacker could potentially exploit this to conduct
cross-site scripting (XSS) attacks. (CVE-2017-7840)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 17.10:
  firefox   57.0+build4-0ubuntu0.17.10.5
Ubuntu 17.04:
  firefox   57.0+build4-0ubuntu0.17.04.5
Ubuntu 16.04 LTS:
  firefox   57.0+build4-0ubuntu0.16.04.5
Ubuntu 14.04 LTS:
  firefox   57.0+build4-0ubuntu0.14.04.4

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make
all the necessary changes.
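The check a practitioner wants after reading USN-3481-1, USN-3482-1 and USN-3477-1 is "does every affected host actually carry the fixed version?" A plain string comparison gets Debian version strings wrong (lexically "0ubuntu0.16.04.10" sorts below "0ubuntu0.16.04.2", and "2.18.3~rc1" sorts above "2.18.3"), so the comparison has to follow dpkg's rules: epoch first, then upstream version, then Debian revision, with digit runs compared numerically and "~" sorting before everything including end of string. The following is an added example and not code from Ubuntu or from any of the notices above; it ports the ordering used by `dpkg --compare-versions` to Python so it can run offline. The fixed versions are copied from the three notices; the `dpkg-query` listing is constructed sample output rather than a real host, and the function names (`compare_versions`, `audit`) are the example's own.

```python
# Check installed Ubuntu package versions against the fixed versions from
# USN-3481-1, USN-3482-1 and USN-3477-1 using dpkg's version ordering.
# Added example; not code from Ubuntu or from the notices themselves.
from typing import Dict, List, Tuple

# Fixed versions copied from the three Ubuntu notices above.
FIXED: Dict[str, Dict[str, str]] = {
    "Ubuntu 16.04 LTS": {
        "libwebkit2gtk-4.0-37": "2.18.3-0ubuntu0.16.04.1",
        "libjavascriptcoregtk-4.0-18": "2.18.3-0ubuntu0.16.04.1",
        "firefox": "57.0+build4-0ubuntu0.16.04.5",
    },
    "Ubuntu 12.04 LTS": {
        "racoon": "1:0.8.0-9ubuntu1.2",
        "ipsec-tools": "1:0.8.0-9ubuntu1.2",
    },
}

# Constructed sample of `dpkg-query -W -f='${Package} ${Version}\n'` output;
# not captured from a real system.
SAMPLE_XENIAL = """\
firefox 56.0+build6-0ubuntu0.16.04.1
libjavascriptcoregtk-4.0-18 2.18.3-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37 2.18.0-0ubuntu0.16.04.2
openssh-server 1:7.2p2-4ubuntu2.2
"""

_DIGITS = "0123456789"


def _order(c: str) -> int:
    """dpkg character weight: '~' sorts before anything, even end of string;
    letters sort before non-letters. Digits are handled by the caller."""
    if c == "" or c in _DIGITS:
        return 0
    if c.isascii() and c.isalpha():
        return ord(c)
    if c == "~":
        return -1
    return ord(c) + 256


def _verrevcmp(a: str, b: str) -> int:
    """Port of dpkg's verrevcmp(): alternate non-digit runs (compared with
    _order) and digit runs (compared numerically, leading zeros ignored)."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        while (i < len(a) and a[i] not in _DIGITS) or (j < len(b) and b[j] not in _DIGITS):
            ac = _order(a[i] if i < len(a) else "")
            bc = _order(b[j] if j < len(b) else "")
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and a[i] in _DIGITS and j < len(b) and b[j] in _DIGITS:
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i] in _DIGITS:   # longer digit run is larger
            return 1
        if j < len(b) and b[j] in _DIGITS:
            return -1
        if first_diff:
            return first_diff
    return 0


def split_version(v: str) -> Tuple[int, str, str]:
    """Split '[epoch:]upstream[-revision]': epoch ends at the first ':',
    revision starts at the last '-'."""
    epoch = 0
    if ":" in v:
        e, v = v.split(":", 1)
        epoch = int(e)
    upstream, sep, revision = v.rpartition("-")
    if not sep:
        upstream, revision = v, ""
    return epoch, upstream, revision


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 like `dpkg --compare-versions`: epoch, then upstream
    version, then Debian revision."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    r = _verrevcmp(ua, ub) or _verrevcmp(ra, rb)
    return (r > 0) - (r < 0)


def audit(dpkg_output: str, release: str) -> List[Tuple[str, str, str, bool]]:
    """Return (package, installed, fixed, patched) for every package the
    notices fix on this release that is actually installed."""
    installed: Dict[str, str] = {}
    for line in dpkg_output.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        installed[parts[0].split(":", 1)[0]] = parts[1]  # drop ":amd64" style suffix
    report = []
    for pkg, fixed in sorted(FIXED[release].items()):
        cur = installed.get(pkg)
        if cur is not None:  # not installed: the notice does not apply
            report.append((pkg, cur, fixed, compare_versions(cur, fixed) >= 0))
    return report


if __name__ == "__main__":
    for pkg, cur, fixed, ok in audit(SAMPLE_XENIAL, "Ubuntu 16.04 LTS"):
        print(f"{'OK  ' if ok else 'VULN'} {pkg}: installed {cur}, fixed in {fixed}")
```

On the sample listing the report flags firefox (older upstream) and libwebkit2gtk-4.0-37 (upstream 2.18.0 is below 2.18.3 even though its Ubuntu revision number is higher) and passes libjavascriptcoregtk-4.0-18. Two caveats: on a real host prefer `dpkg --compare-versions` itself, which is the reference implementation this mirrors; and a fixed version on disk does not mean the running process is fixed, which is why the notices say to restart Firefox and any WebKitGTK+ user such as Epiphany after updating.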

References

CVE-2017-7826, CVE-2017-7827, CVE-2017-7828, CVE-2017-7830, CVE-2017-7831,
CVE-2017-7832, CVE-2017-7833, CVE-2017-7834, CVE-2017-7835, CVE-2017-7837,
CVE-2017-7838, CVE-2017-7839, CVE-2017-7840, CVE-2017-7842


Linux Administration – News and Blog